[v4,3/5] memzone: check result of rte_fbarray_get and malloc_elem_from_data
Checks
Commit Message
From: Sinan Kaya <okaya@kernel.org>
In memzone_lookup_thread_unsafe result of call to rte_fbarray_get
is dereferenced here and may be null.
In memzone_reserve_aligned_thread_unsafe result of call
to malloc_elem_from_data is dereferenced here and may be null.
Signed-off-by: Sinan Kaya <okaya@kernel.org>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
---
lib/eal/common/eal_common_memzone.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
@@ -77,7 +77,7 @@ memzone_lookup_thread_unsafe(const char *name)
i = rte_fbarray_find_next_used(arr, 0);
while (i >= 0) {
mz = rte_fbarray_get(arr, i);
- if (mz->addr != NULL &&
+ if ((mz != NULL) && (mz->addr != NULL) &&
!strncmp(name, mz->name, RTE_MEMZONE_NAMESIZE))
return mz;
i = rte_fbarray_find_next_used(arr, i + 1);
@@ -206,6 +206,10 @@ memzone_reserve_aligned_thread_unsafe(const char *name, size_t len,
}
struct malloc_elem *elem = malloc_elem_from_data(mz_addr);
+ if (elem == NULL) {
+ rte_errno = ENOSPC;
+ return NULL;
+ }
/* fill the zone in config */
mz_idx = rte_fbarray_find_next_free(arr, 0);
@@ -395,6 +399,10 @@ dump_memzone(const struct rte_memzone *mz, void *arg)
fprintf(f, "physical segments used:\n");
ms_idx = RTE_PTR_DIFF(mz->addr, msl->base_va) / page_sz;
ms = rte_fbarray_get(&msl->memseg_arr, ms_idx);
+ if (ms == NULL) {
+ RTE_LOG(DEBUG, EAL, "Skipping bad memzone\n");
+ return;
+ }
do {
fprintf(f, " addr: %p iova: 0x%" PRIx64 " "